Timestamp:
07/06/2021 11:55:44 PM (3 years ago)
Author:
peterwilsoncc
Message:

Block Editor: Update packages with latest fixes for 5.8 RC2

Includes the following fixes:

  • Query Block: Type validation of WP_Query parameters.

Props ntsekouras, stevehenty, peterwilsoncc, desrosj.
Fixes #53397.

File:
1 edited

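--- a/trunk/src/wp-includes/blocks.php
+++ b/trunk/src/wp-includes/blocks.php
@@ -1058,6 +1058,9 @@
 
     if ( isset( $block->context['query'] ) ) {
-        if ( isset( $block->context['query']['postType'] ) ) {
-            $query['post_type'] = $block->context['query']['postType'];
+        if ( ! empty( $block->context['query']['postType'] ) ) {
+            $post_type_param = $block->context['query']['postType'];
+            if ( is_post_type_viewable( $post_type_param ) ) {
+                $query['post_type'] = $post_type_param;
+            }
         }
         if ( isset( $block->context['query']['sticky'] ) && ! empty( $block->context['query']['sticky'] ) ) {
@@ -1069,18 +1072,40 @@
             }
         }
-        if ( isset( $block->context['query']['exclude'] ) ) {
-            $query['post__not_in'] = array_merge( $query['post__not_in'], $block->context['query']['exclude'] );
-        }
-        if ( isset( $block->context['query']['perPage'] ) ) {
-            $query['offset']         = ( $block->context['query']['perPage'] * ( $page - 1 ) ) + $block->context['query']['offset'];
-            $query['posts_per_page'] = $block->context['query']['perPage'];
-        }
-        if ( isset( $block->context['query']['categoryIds'] ) ) {
-            $query['category__in'] = $block->context['query']['categoryIds'];
-        }
-        if ( isset( $block->context['query']['tagIds'] ) ) {
-            $query['tag__in'] = $block->context['query']['tagIds'];
-        }
-        if ( isset( $block->context['query']['order'] ) ) {
+        if ( ! empty( $block->context['query']['exclude'] ) ) {
+            $excluded_post_ids     = array_map( 'intval', $block->context['query']['exclude'] );
+            $excluded_post_ids     = array_filter( $excluded_post_ids );
+            $query['post__not_in'] = array_merge( $query['post__not_in'], $excluded_post_ids );
+        }
+        if (
+            isset( $block->context['query']['perPage'] ) &&
+            is_numeric( $block->context['query']['perPage'] )
+        ) {
+            $per_page = absint( $block->context['query']['perPage'] );
+            $offset   = 0;
+
+            if (
+                isset( $block->context['query']['offset'] ) &&
+                is_numeric( $block->context['query']['offset'] )
+            ) {
+                $offset = absint( $block->context['query']['offset'] );
+            }
+
+            $query['offset']         = ( $per_page * ( $page - 1 ) ) + $offset;
+            $query['posts_per_page'] = $per_page;
+        }
+        if ( ! empty( $block->context['query']['categoryIds'] ) ) {
+            $term_ids              = array_map( 'intval', $block->context['query']['categoryIds'] );
+            $term_ids              = array_filter( $term_ids );
+            $query['category__in'] = $term_ids;
+        }
+        if ( ! empty( $block->context['query']['tagIds'] ) ) {
+            $term_ids         = array_map( 'intval', $block->context['query']['tagIds'] );
+            $term_ids         = array_filter( $term_ids );
+            $query['tag__in'] = $term_ids;
+        }
+        if (
+            isset( $block->context['query']['order'] ) &&
+                in_array( strtoupper( $block->context['query']['order'] ), array( 'ASC', 'DESC' ), true )
+        ) {
             $query['order'] = strtoupper( $block->context['query']['order'] );
         }
@@ -1088,8 +1113,11 @@
             $query['orderby'] = $block->context['query']['orderBy'];
         }
-        if ( isset( $block->context['query']['author'] ) ) {
-            $query['author'] = $block->context['query']['author'];
-        }
-        if ( isset( $block->context['query']['search'] ) ) {
+        if (
+            isset( $block->context['query']['author'] ) &&
+            (int) $block->context['query']['author'] > 0
+        ) {
+            $query['author'] = (int) $block->context['query']['author'];
+        }
+        if ( ! empty( $block->context['query']['search'] ) ) {
             $query['s'] = $block->context['query']['search'];
         }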
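Review bot: The `! empty()` guards in front of the three `array_map( 'intval', … )` calls (new lines 1074, 1096 and 1101) do not establish that `exclude`, `categoryIds` or `tagIds` is an array, so a non-empty scalar in the block context still reaches `array_map()`, which throws a TypeError on PHP 8 and warns and returns null on PHP 7. Since these values presumably originate in saved block attributes, one malformed attribute could break rendering of whatever page holds the block; adding the type check to each guard closes that, e.g. `if ( ! empty( $block->context['query']['exclude'] ) && is_array( $block->context['query']['exclude'] ) ) {`. The same gap exists for `strtoupper( $block->context['query']['order'] )` at new line 1108, which runs before anything confirms `order` is a string. The enclosing function begins and ends outside the lines shown.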